
Diversity Within the Rijndael Design Principles for Resistance to Differential Power Analysis

  • Conference paper
  • Cryptology and Network Security (CANS 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10052)

Abstract

The winner of the Advanced Encryption Standard (AES) competition, Rijndael, strongly resists mathematical cryptanalysis. However, side channel attacks such as differential power analysis and template attacks break many AES implementations.

We propose a cheap and effective countermeasure that exploits the diversity of algorithms consistent with Rijndael’s general design philosophy. The secrecy of the algorithm settings acts as a second key that the adversary must learn to mount popular side channel attacks. Furthermore, because they satisfy Rijndael’s security arguments, these algorithms resist cryptanalytic attacks.

Concretely, we design a 72-bit space of SubBytes variants and a 36-bit space of ShiftRows variants. We investigate the mathematical strength provided by these variants, generate them in SageMath, and study their impact on differential power analysis and template attacks against field-programmable gate arrays (FPGAs) by analyzing power traces from the DPA Contest v2 public dataset.
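The SubBytes variants the abstract describes keep Rijndael's structure (inversion in GF(2^8) followed by an invertible affine map over GF(2)) and vary the affine part, so the variant family can be checked against the same design arguments as AES. The following Python is an added illustration, not the authors' SageMath code: it rebuilds the standard AES S-box from its two ingredients, verifies it against known values, then draws a random invertible affine map as a stand-in for the secret "second key" and confirms that the resulting variant is still a bijection with the same differential uniformity (4) as AES. It also counts fixed points, the property footnote 4 refers to. The random-sampling helper and the check names are assumptions of this example.

```python
"""Build AES SubBytes from inversion + affine map, then build and check a variant.
Constructed illustration; not the paper's SageMath code."""
import random

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael reduction polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254; AES maps 0 to 0 by convention."""
    if a == 0:
        return 0
    r, p, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, p)
        p = gf_mul(p, p)
        e >>= 1
    return r


def apply_affine(rows, const: int, x: int) -> int:
    """y = M*x + const over GF(2); rows[i] is the bit mask of row i of M."""
    y = const
    for i, row in enumerate(rows):
        y ^= (bin(row & x).count("1") & 1) << i
    return y


# Rows of the standard AES affine matrix:
# output bit i = x_i ^ x_(i+4) ^ x_(i+5) ^ x_(i+6) ^ x_(i+7) (indices mod 8)
AES_ROWS = [0xF1, 0xE3, 0xC7, 0x8F, 0x1F, 0x3E, 0x7C, 0xF8]
AES_CONST = 0x63


def is_invertible(rows) -> bool:
    """Gaussian elimination over GF(2) on 8 row masks; True iff the rank is 8."""
    rows = list(rows)
    for bit in range(8):
        pivot = next((i for i in range(bit, 8) if rows[i] >> bit & 1), None)
        if pivot is None:
            return False
        rows[bit], rows[pivot] = rows[pivot], rows[bit]
        for i in range(8):
            if i != bit and rows[i] >> bit & 1:
                rows[i] ^= rows[bit]
    return True


def build_sbox(rows, const: int):
    """S(x) = M * inv(x) + const, the Rijndael SubBytes shape with a chosen affine map."""
    return [apply_affine(rows, const, gf_inv(x)) for x in range(256)]


def random_affine(rng: random.Random):
    """Sample an invertible 8x8 GF(2) matrix plus an 8-bit constant (hypothetical helper
    standing in for the secret algorithm setting, i.e. the 'second key')."""
    while True:
        rows = [rng.randrange(256) for _ in range(8)]
        if is_invertible(rows):
            return rows, rng.randrange(256)


def differential_uniformity(sbox) -> int:
    """max over a != 0 and b of #{x : S(x ^ a) ^ S(x) = b}; 4 for AES."""
    worst = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x ^ a] ^ sbox[x]] += 1
        worst = max(worst, max(counts))
    return worst


def fixed_points(sbox) -> int:
    """Number of x with S(x) == x (AES has none)."""
    return sum(1 for x in range(256) if sbox[x] == x)


def check_variant(sbox) -> dict:
    """Properties a variant must keep to satisfy Rijndael's design arguments."""
    return {
        "bijective": len(set(sbox)) == 256,
        "differential_uniformity": differential_uniformity(sbox),
        "fixed_points": fixed_points(sbox),
    }


if __name__ == "__main__":
    aes = build_sbox(AES_ROWS, AES_CONST)
    print(f"AES S[0x53] = {aes[0x53]:#04x}")  # 0xed, as in FIPS 197
    rows, const = random_affine(random.Random(2016))
    print(check_variant(build_sbox(rows, const)))
```

Because the affine map is applied after inversion and is itself a bijection, every variant built this way has exactly the difference distribution of AES, which is why the differential-uniformity check returns 4 regardless of the matrix drawn; only the fixed-point count varies from one setting to the next.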

This work is sponsored by the Office of Naval Research under Air Force Contract FA8721-05-C-002. Opinions, interpretations, conclusions and recommendations are those of the authors and are not necessarily endorsed by the United States Government.

M. Varia—Research performed while consulting at MIT Lincoln Laboratory.


Notes

  1. For instance, one can modify Manteena’s implementation of AES in VHDL [19, Appendix D] to produce different, static mappings of byte values in SubBytes, mappings of byte locations in ShiftRows, and matrix constants in MixColumns.

  2. Our variants perform XOR, just as AES does. By contrast, Rijmen and Oswald [13] create variants that preserve AES’ original SubBytes functionality, at the cost of replacing XOR with a (slower and leakier) table lookup.

  3. It is also possible to choose the primitive root of the polynomial used to represent elements of \(\mathrm{GF}(256)\) [9]. This yields 3 bits of entropy independent of the affine transformation. However, SageMath encapsulates its choice of primitive root, so our work skips this extra flexibility.

  4. We remark that Jing et al.’s calculation of this value [16] is inaccurate by a multiplicative factor of 7. Coincidentally, this 1/7 error closely matches the omitted 13.5 % throughput of SubBytes lacking fixed points.

  5. This analysis generalizes to plaintext attacks.

References

  1. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). doi:10.1007/3-540-48405-1_25

  2. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003). doi:10.1007/3-540-36400-5_3

  3. DPA Contest v2. http://www.dpacontest.org/v2/. Accessed 12 September 2014

  4. Weingart, S.H.: Physical security devices for computer subsystems: a survey of attacks and defenses. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 302–317. Springer, Heidelberg (2000). doi:10.1007/3-540-44499-8_24

  5. Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001). doi:10.1007/3-540-44709-1_26

  6. National Institute of Standards and Technology: Federal Information Processing Standards Publication 197: Announcing the Advanced Encryption Standard, November 2001

  7. Clavier, C., Isorez, Q., Wurcker, A.: Complete SCARE of AES-like block ciphers by chosen plaintext collision power analysis. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 116–135. Springer, Heidelberg (2013). doi:10.1007/978-3-319-03515-4_8

  8. Barkan, E., Biham, E.: In how many ways can you write Rijndael? In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 160–175. Springer, Heidelberg (2002). doi:10.1007/3-540-36178-2_10

  9. Rostovtsev, A., Shemyakina, O.: AES side channel attack protection using random isomorphisms. Cryptology ePrint Archive, Report 2005/087 (2005)

  10. Wu, S.-Y., Lu, S.-C., Laih, C.S.: Design of AES based on dual cipher and composite field. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 25–38. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24660-2_3

  11. Ghellar, F., Lubaszewski, M.S.: A novel AES cryptographic core highly resistant to differential power analysis attacks. In: Symposium on Integrated Circuits and System Design (2008)

  12. Moradi, A., Mischke, O.: Comprehensive evaluation of AES dual ciphers as a side-channel countermeasure. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 245–258. Springer, Heidelberg (2013). doi:10.1007/978-3-319-02726-5_18

  13. Rijmen, V., Oswald, E.: Representations and Rijndael descriptions. In: Advanced Encryption Standard (2004)

  14. Karroumi, M.: Protecting white-box AES with dual ciphers. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 278–291. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24209-0_19

  15. Jing, M.H., Hsu, C., Truong, T.K., Chen, Y.H., Chang, Y.: The diversity study of AES on FPGA application. In: Field-Programmable Technology (2002)

  16. Jing, M.H., Chen, Z.H., Chen, J.H., Chen, Y.H.: Reconfigurable system for high-speed and diversified AES using FPGA. Microprocess. Microsyst. 31, 94–102 (2007)

  17. Grosek, O., Siska, J.: Semigroup of matrices over GF2\(^{s}\) and its relation to AES. Comput. Artif. Intell. 22, 417–426 (2003)

  18. Grosek, O., Zajac, P.: Searching for a different AES-class MixColumns operation. In: WSEAS International Conference on Applied Computer Science (2006)

  19. Manteena, R.: A VHDL Implemetation of the Advanced Encryption Standard-Rijndael Algorithm. Ph.D. thesis, University of South Florida (2004)

  20. Dziembowski, S., Kazana, T., Wichs, D.: Key-evolution schemes resilient to space-bounded leakage. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 335–353. Springer, Heidelberg (2011). doi:10.1007/978-3-642-22792-9_19

  21. Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28, 656–715 (1949)

  22. Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, New York (2002)

  23. Murphy, S., Robshaw, M.J.B.: Essential algebraic structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002). doi:10.1007/3-540-45708-9_1

  24. Paar, C., Rosner, M.: Comparison of arithmetic architectures for Reed-Solomon decoders in reconfigurable hardware. In: Field-Programmable Custom Computing Machines (FCCM) (1997)

  25. OpenSSL: Optimised ANSI C code for the Rijndael cipher (now AES). https://github.com/openssl/openssl/blob/master/crypto/aes/aes_core.c. Accessed 3 April 2016

  26. Rouvroy, G., Standaert, F., Quisquater, J., Legat, J.: Compact and efficient encryption/decryption module for FPGA implementation of the AES Rijndael very well suited for small embedded applications. In: International Conference on Information Technology: Coding and Computing (2004)

  27. Cusick, T.W., Stanica, P.: Cryptographic Boolean Functions and Applications. Academic Press, San Diego (2009)

  28. Stein, W., et al.: Sage Mathematics Software (Version 6.2). The Sage Development Team (2015). http://www.sagemath.org

  29. Biham, E., Keller, N.: Cryptanalysis of reduced variants of Rijndael. In: 3rd AES Conference (2000)

  30. Piret, G., Quisquater, J.J.: Impossible differential and square attacks: cryptanalytic link and application to Skipjack (2001)

  31. Choudary, O., Kuhn, M.G.: Efficient template attacks. IACR Cryptology ePrint Archive (2013)

  32. Dichtl, M.: A new method of black box power analysis and a fast algorithm for optimal key search. J. Cryptographic Eng. 1, 255–264 (2011)

  33. Rivain, M., Roche, T.: SCARE of secret ciphers with SPN structures. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 526–544. Springer, Heidelberg (2013). doi:10.1007/978-3-642-42033-7_27

  34. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35999-6_25

  35. Novak, R.: Side-channel attack on substitution blocks. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 307–318. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45203-4_24

  36. Hanley, N., Tunstall, M., Marnane, W.P.: Unknown plaintext template attacks. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 148–162. Springer, Heidelberg (2009). doi:10.1007/978-3-642-10838-9_12


Acknowledgments

We gratefully acknowledge the support of Sukarno Mertoguno in the Office of Naval Research. The second author also acknowledges NSF grant 1414119. Additionally, we thank our colleagues Rob Cunningham and Ben Fuller for their valuable guidance and support.

Corresponding author

Correspondence to Merrielle Spain .


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Spain, M., Varia, M. (2016). Diversity Within the Rijndael Design Principles for Resistance to Differential Power Analysis. In: Foresti, S., Persiano, G. (eds) Cryptology and Network Security. CANS 2016. Lecture Notes in Computer Science, vol 10052. Springer, Cham. https://doi.org/10.1007/978-3-319-48965-0_5


  • DOI: https://doi.org/10.1007/978-3-319-48965-0_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48964-3

  • Online ISBN: 978-3-319-48965-0

  • eBook Packages: Computer Science (R0)
